Menu path: Sessions > Appliance Mode > Imprivata

Imprivata offers digital security solutions for healthcare organizations. For more information, see

Enable the following in the Setup if you use Imprivata versions above 6.3: System > Registry > imprivata.gain_permission.

Set the URL to the server: URL address of the single sign-on server.

Path to the appliance: Path to the application on the single sign-on server. (Default: sso/servlet/getembeddedloader?arch=amd64)

Enable component's logging

☑  Log files will be generated. You will need them if support is required in the future.

Redirection of smartcards

☑  A smartcard will be redirected into a session.

PIE application launcher for Citrix

☑  Enables the grid theme for organizing Citrix apps.

The following setting is active if Enable component's logging is enabled.

Component's logging verbosity: Specifies the level of detail for the log files.
Possible options:

  • "debug": Detailed information on the flow through the system.
  • "info": Runtime events (startup/shutdown). 
  • "warning": Events that may lead to unexpected behavior.
  • "error": Other errors or unexpected conditions.
  • "critical": Events that may break the workflow. 

Path to certificate: Absolute path to the certificate your Imprivata Appliance or Certification Authority issued. (Default: /wfs/ca-certs/ssoCA.cer)


If you rename the certificate or decide to store it in a different place, you have to adjust the path accordingly under Sessions > Appliance Mode > Imprivata > Path to Certificate.
Best practice is to change it directly through the profile which also issued the firmware update. 

Fast User Switching

FUS user: The username for the preconfigured session.
Possible options:

  • Hostname: The hostname of the endpoint device will be used as a username.
  • MAC address: The MAC address of the device will be used as a username.
  • Serial of the board: The serial number of the device will be used as a username.
  • Free text entry

FUS user's domain: The domain the user belongs to.

FUS user's password: The password of the user running the preconfigured session.

Citrix Store URL: URL of the StoreFront website or of XenApp Services.

FUS resource: The resource, like the Desktop or Application, that is assigned to the username.

Single Application Kiosk: The Imprivata PIE agent will be signaled that the FUS resource is an application.

Enable on-screen keyboard

☑ If a touchscreen is used, the on-screen keyboard is enabled.

The following settings are active if Enable on-screen keyboard is activated.

x coordinate of on-screen keyboard: Specifies the X position of the on-screen keyboard in pixels. (Default: 2)

y coordinate of on-screen keyboard: Specifies the Y position of the on-screen keyboard in pixels. (Default: 2)

Width of on-screen keyboard in pixels: It is recommended that you specify either the width or the height. (Default: 900)

Height of on-screen keyboard in pixels: It is recommended that you specify either the width or the height. (Default: 0)

If you need to modify and adjust the sessions, see Imprivata: Session Customization.

Imprivata automatically creates a data partition, i.e. storage location for internal data.
If you are asked by your support to delete the data partition or you want to delete it for other reasons, see Imprivata: Clear the Imprivata Data Partition.

Useful Registry Keys

  • If you need to set a default AD domain for PIE agent, go to System > Registry > imprivata.default_domain and specify the NetBIOS name of your AD domain.
  • If you need to ignore the VMware protocol selected by the Imprivata appliance, activate System > Registry > imprivata.ignore_horizon_protocol. In this case, the local selection under Horizon Client > Horizon Client Global > Server Options > Preferred desktop protocol will be used.
  • To avoid focus theft from other windows, activate System > Registry > imprivata.avoid_focus_ownership.